Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
This post originally appeared on SecurityWeek. Read more from CEO Alastair Paterson.
Approximately 250 years ago Samuel Johnson said, “The next best thing to knowing something, is knowing where to find it.” This is quite a fitting quote from the author of A Dictionary of the English Language and equally fitting today when it comes to understanding your digital risk.
There’s a great deal of intelligence organizations can find on the deep and dark web. Credit card numbers, bank account information, patient information and intellectual property are widely known to be for sale on forums. Now some of the intelligence is more eye opening. We’re seeing W-2 forms , and employee credentials available, making any organization ripe for tax fraud or account takeover, respectively.
One of the most popular marketplaces on the dark web for such information is AlphaBay. Not only is information related to a company’s assets available, but information about new techniques to compromise targets is for sale as well. One of the latest is a tool to bypass SMS account verification, making multi-factor authentication that relies on SMS vulnerable. On such forums you can also find configuration files for credential stuffing tools, like Sentry MBA, that are created for account takeover of specific companies. There are dozens of marketplaces on the dark web and competition for business is steep. In fact, some less popular marketplaces offer botnets devised to spam AlphaBay users with advertisements or special promotions in an attempt to entice them to switch forums. Not all dark web sources are as readily accessible as AlphaBay, of course. Some require human analyst expertise to also gain access to closed sources to get the most relevant view of the risks.
But for all the notoriety of these marketplaces, it is also important to remember that criminal activity isn’t limited to the dark web, particularly given the fact that some countries don’t extradite cybercriminals. With minimal consequences, bad actors have no incentive to hide. As a result, cybercrime is an Internet-wide problem, almost equally present on the deep and open web. Deer.io is a prime example. This all-in-one outsourced online shop provides hosting, design (based on WordPress-like templates) and a payment solution. Additional items for sale on the marketplace include:
The point is that criminal forums exist everywhere so focusing only on the dark web won’t give you a comprehensive view of your digital risk. Furthermore, it isn’t enough to simply detect mentions of company assets and concerns. You need context behind the information you see posted to have a better understanding of the actual risk to your organization. This requires a combination of technology and people.
A comprehensive assessment of your digital risk starts with knowing where to find it. With an approach that combines technology and human experts looking across the open, deep and dark web, you can understand not only where and when you are mentioned online, but also why, by whom and the likely impact to your organization. This breadth and depth of coverage is essential to protect against threats associated with forums and marketplaces and, ultimately, to formulate a successful digital risk management strategy.